THAT WHICH IS CLAIMED IS: 



1 . A method of message authentication for an SSL-based protocol 
connection between a source device and a destination device, the method 
comprising: 

generating a group message authentication code (MAC) based on a plurality 
5 of communication packets, each of the communication packets having at least one 
data record; and 

transmitting the plurality of communication packets using the SSL-based 
protocol connection along with the generated group MAC, wherein ones of the 
plurality of communication packets do not include an associated packet MAC. 

10 

2. The method of Claim 1 further comprising transmitting a record 
count using the SSL-based protocol connection, the record count indicating a 
number of data records to be received associated with a next group MAC to be 
received, the data records associated with the record count corresponding to a next 

1 5 plurality of communication packets to be transmitted and wherein the next group 
MAC is generated based on the next plurality of communication packets to be 
transmitted. 

3. The method of Claim 2 wherein the record count is transmitted 
20 using the SSL-based protocol connection before the next plurality of 

communication packets and wherein the next group MAC is transmitted after the 
next plurality of communication packets. 

4. The method of Claim 3 wherein the record count is transmitted 
25 using the SSL-based protocol connection either with the first plurality of 

communication packets or at a beginning of the next plurality of communication 
packets. 
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5. The method of Claim 4 wherein the record count is transmitted 
following the generated group MAC without any intervening data records. 

6. The method of Claim 5 further comprising: 

5 transmitting a last plurality of communication packets using the SSL-based 

protocol connection along with a last group MAC, the last group MAC being 
generated based on the last plurality of communication packets; and 

closing the SSL-based protocol connection following transmission of the 
last plurality of communication packets. 

10 

7. The method of Claim 5 wherein at least a subset of communication 
packets from the plurality of communication packets has pre-encrypted data records 
and wherein the method further comprises: 

encrypting data records of the at least a subset of communication packets to 
1 5 provide the pre-encrypted data records; 

storing the pre-encrypted data records; 

retrieving ones of the stored pre-encrypted data records for transmission 
responsive to a request for transmission of the ones of the stored pre-encrypted data 
records; 

20 transmitting the retrieved ones of the stored pre-encrypted data records 

using the SSL-based protocol connection without using the SSL-based protocol 
connection to encrypt the retrieved ones of the stored pre-encrypted data records; 
and 

transmitting a group MAC generated based on the retrieved ones of the 
25 stored pre-encrypted data records using the SSL-based protocol connection to 
encrypt the group MAC generated based on the retrieved ones of the stored pre- 
encrypted data records. 

8. The method of Claim 7 further comprising establishing the SSL- 
30 based protocol connection with a designated client and wherein the pre-encrypted 

data records are associated with the designated client and wherein the encrypting 
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step comprises encrypting data records of the at least a subset of communication 
packets using a public key of the designated client. 

9. The method of Claim 8 wherein establishing the SSL-based protocol 
5 connection further comprises negotiating a client certificate of the designated client 

and wherein the method further comprises determining the public key of the 
designated client based on the client certificate. 

10. The method of Claim 7 further comprising establishing the SSL- 
10 based protocol connection with a designated client and wherein the pre-encrypted 

data records are associated with the designated client and wherein the encrypting 
step comprises encrypting data records of the at least a subset of communication 
packets using a temporary key known by the designated client. 

15 11. The method of Claim 7 further comprising: 

establishing the SSL-based protocol connection with a designated client; 
transmitting a pre-encryption key to the designated client using the SSL- 
based protocol connection; and 

wherein the pre-encrypted data records are associated with the designated 
20 client and wherein the encrypting step comprises encrypting data records of the at 
least a subset of communication packets using the pre-encryption key. 

12. The method of Claim 1 1 wherein transmitting a pre-encryption key 
comprises transmitting the pre-encryption key to the designated client with the 

25 record count. 

1 3 . The method of Claim 1 1 further comprising transmitting a plurality 
of groups of communication packets having pre-encrypted data records, each of the 
groups of communication packets having an associated group MAC and an 

30 associated record count, using the SSL-based protocol connection, wherein the 
associated group MACs and associated record counts are transmitted using the 
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SSL-based protocol connection to encrypt the associated group MACs and 
associated record counts and the pre-encrypted data records are transmitted without 
using the SSL-based protocol connection to encrypt the pre-encrypted data records, 
and wherein transmitting a pre-encryption key to the designated client comprises 
5 transmitting a pre-encryption key with each of the associated record counts. 

14. The method of Claim 5 further comprising the following executed 
by the destination device. 

receiving the first plurality of communication packets and the generated 
10 group MAC; 

generating a calculated MAC based on the received first plurality of 
communication packets; and 

determining if an error has occurred in the received first plurality of 
communication packets based on a comparison of the calculated MAC and the 
15 received generated group MAC. 

1 5 . The method of Claim 1 4 further comprising terminating the S SL- 
based protocol connection if it is determined that an error has occurred. 

20 16. The method of Claim 1 4 further comprising the following executed 

by the destination device: 

receiving the record count; 

receiving a number of data records of the next plurality of communication 
packets corresponding to the received record count; 
25 receiving the next group MAC; 

generating a next calculated MAC based on the received data records of the 
next plurality of communication packets; and 

determining if an error has occurred in the received data records of the next 
plurality of communication packets based on a comparison of the next calculated 
30 MAC and the received next group MAC. 
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17. The method of Claim 1 wherein at least a subset of communication 
packets from the plurality of communication packets have pre-encrypted data 
records and wherein the method further comprises: 

encrypting data records of the at least a subset of communication packets to 
5 provide the pre-encrypted data records; 

storing the pre-encrypted data records; 

retrieving ones of the stored pre-encrypted data records for transmission 
responsive to a request for transmission of the ones of the stored pre-encrypted data 
records; 

10 transmitting the retrieved ones of the stored pre-encrypted data records 

using the SSL-based protocol connection without using the SSL-based protocol 
connection to encrypt the retrieved ones of the stored pre-encrypted data records; 
and 

transmitting a group MAC generated based on the retrieved ones of the 
1 5 stored pre-encrypted data records using the SSL-based protocol connection to 
encrypt the group MAC generated based on the retrieved ones of the stored pre- 
encrypted data records. 

1 8 . The method of Claim 1 7 further comprising establishing the SSL- 
20 based protocol connection with a designated client and wherein the pre-encrypted 

data records are associated with the designated client and wherein the encrypting 
step comprises encrypting data records of the at least a subset of communication 
packets using a public key of the designated client. 

25 19. The method of Claim 1 7 further comprising establishing the S SL- 

based protocol connection with a designated client and wherein the pre-encrypted 
data records are associated with the designated client and wherein the encrypting 
step comprises encrypting data records of the at least a subset of communication 
packets using a temporary key known by the designated client. 
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20. The method of Claim 1 further comprising the following executed 
by the destination device: 

receiving the first plurality of communication packets and the generated 
group MAC; 

5 generating a calculated MAC based on the received first plurality of 

communication packets; and 

determining if an error has occurred in the received first plurality of 
communication packets based on a comparison of the calculated MAC and the 
received generated group MAC. 

10 

2 1 . The method of Claim 20 further comprising terminating the SSL- 
based protocol connection if it is determined that an error has occurred. 

22. A method for message authentication for an SSL-based protocol 
1 5 connection between a source device and a destination device, the method 

comprising: 

receiving a first plurality of communication packets and a group MAC that 
was generated based on the first plurality of communication packets, wherein ones 
of the first plurality of communication packets do not include an associated packet 
20 MAC; 

generating a calculated MAC based on the received first plurality of 
communication packets; and 

determining if an error has occurred in the received first plurality of 
communication packets based on a comparison of the calculated MAC and the 
25 received group MAC. 

23 . The method of Claim 22 further comprising: 

receiving a record count, the record count indicating a number of data 
records to be received before a next group MAC, the next group MAC being 
30 generated based on a next plurality of communication packets corresponding the 
data records associated with the record count; 
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receiving a number of data records of the next plurality of communication 
packets corresponding to the received record count; 
receiving the next group MAC; 

generating a next calculated MAC based on the received data records of the 
5 next plurality of communication packets; and 

determining if an error has occurred in the received data records of the next 
plurality of communication packets based on a comparison of the next calculated 
MAC and the received next group MAC. 

1 o 24. The method of Claim 23 wherein the record count is received using 

the SSL-based protocol connection before the data records of the next plurality of 
communication packets corresponding to the received record count. 

2 5 . The method of Claim 24 wherein the record count is received after 
1 5 the first group MAC without any intervening data records. 

26. A system of message authentication for an SSL-based protocol 
connection between a source device and a destination device, the system 
comprising: 

20 a group message authentication code (MAC) generation circuit that 

generates a group MAC based on a plurality of communication packets, each of the 

communication packets having at least one data record; and 

a transmitter that transmits the plurality of communication packets using the 

SSL-based protocol connection along with the generated group MAC, wherein ones 
25 of the plurality of communication packets do not include an associated packet 

MAC. 

27. The system of Claim 26 further comprising: 

a record count generation circuit that generates a record count indicating a 
30 number of data records to be received associated with a next group MAC to be 

received, the data records associated with the record count corresponding to a next 
plurality of communication packets to be transmitted; 
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wherein the transmitter is further configured to transmit the record count 
using the SSL-based protocol connection; and 

wherein the group MAC generation circuit is further configured to generate 
the next group MAC based on the next plurality of communication packets to be 
5 transmitted. 

28. The system of Claim 27 further comprising an SSL-based 
connection control circuit that closes the SSL-based protocol connection following 
transmission of a last plurality of communication packets. 

10 

29. The system of Claim 27 further comprising: 

a pre-encryption circuit that encrypts data records of at least a subset of 
communication packets of the plurality of communication packets based on either a 
temporary key or a client key associated with a designated client associated with 
1 5 the SSL-based protocol connection to provide pre-encrypted data records; and 

wherein the transmitter is further configured to transmit the pre-encrypted 
data records without using the SSL-based protocol connection to encrypt the pre- 
encrypted records and to transmit a group MAC generated based on the pre- 
encrypted data records using the SSL-based protocol connection to encrypt the 
20 group MAC generated based on the pre-encrypted data records. 



3 0 . The system of Claim 29 wherein the S SL-based connection control 
circuit is further configured to establish the SSL-based protocol connection with 
the destination device as a pre-encrypted data records based connection. 

25 

31. A system of message authentication for an SSL-based protocol 
connection between a source device and a destination device, the system 
comprising: 

a receiver that receives a first plurality of communication packets and a 
30 group MAC that was generated based on the first plurality of communication 
packets, wherein ones of the first plurality of communication packets do not 
include an associated packet MAC; 
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a message authentication code (MAC) generation circuit that generates a 
calculated MAC based on the received first plurality of communication packets; 
and 

an error detection circuit that determines if an error has occurred in the 
5 received first plurality of communication packets based on a comparison of the 
calculated MAC and the received group MAC. 



32. The system of Claim 3 1 wherein: 

the receiver is further configured to receive a record count, the record count 
10 indicating a number of data records to be received before a next group MAC, the 
next group MAC being generated based on a next plurality of communication 
packets corresponding the data records associated with the record count and to 
receive a number of data records of the next plurality of communication packets 
corresponding to the received record count and to receive the next group MAC; 
15 the MAC generation circuit is further configured to generate a next 

calculated MAC based on the received data records of the next plurality of 
communication packets; and 

the error detection circuit if further configured to determine if an error has 
occurred in the received data records of the next plurality of communication 
20 packets based on a comparison of the next calculated MAC and the received next 
group MAC. 



33. A system of message authentication for an SSL-based protocol 
connection between a source device and a destination device, the system 
25 comprising: 

means for generating a group message authentication code (MAC) based on 
a plurality of communication packets, each of the communication packets having at 
least one data record; and 

means for transmitting the plurality of communication packets using the 
30 SSL-based protocol connection along with the generated group MAC, wherein ones 
of the plurality of communication packets do not include an associated packet 
MAC. 
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34. The system of Claim 33 further comprising means for transmitting a 
record count using the SSL-based protocol connection, the record count indicating 
a number of data records to be received associated with a next group MAC to be 
received, the data records associated with the record count corresponding to a next 
5 plurality of communication packets to be transmitted and wherein the next group 
MAC is generated based on the next plurality of communication packets to be 
transmitted. 



35. The system of Claim 34 wherein the record count is transmitted 
10 using the SSL-based protocol connection before the next plurality of 

communication packets and wherein the next group MAC is transmitted after the 
next plurality of communication packets. 



36. The system of Claim 33 wherein at least a subset of communication 
15 packets from the plurality of communication packets have pre-encrypted data 
records and wherein the system further comprises: 

means for encrypting data records of the at least a subset of communication 
packets to provide the pre-encrypted data records; 

means for storing the pre-encrypted data records; 
20 means for retrieving ones of the stored pre-encrypted data records for 

transmission responsive to a request for transmission of the ones of the stored pre- 
encrypted data records; 

means for transmitting the retrieved ones of the stored pre-encrypted data 
records using the SSL-based protocol connection without using the SSL-based 
25 protocol connection to encrypt the retrieved ones of the stored pre-encrypted data 
records; and 

means for transmitting a group MAC generated based on the retrieved ones 
of the stored pre-encrypted data records using the SSL-based protocol connection 
to encrypt the group MAC generated based on the retrieved ones of the stored pre- 
30 encrypted data records. 
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37. The system of Claim 33 further comprising the destination device 
wherein the destination device comprises: 

means for receiving the first plurality of communication packets and the 
generated group MAC; 
5 means for generating a calculated MAC based on the received first plurality 

of communication packets; and 

means for determining if an error has occurred in the received first plurality 
of communication packets based on a comparison of the calculated MAC and the 
received generated group MAC. 

10 

38. A system for message authentication for an SSL-based protocol 
connection between a source device and a destination device, the system 
comprising: 

means for receiving a first plurality of communication packets and a group 
15 MAC that was generated based on the first plurality of communication packets, 
wherein ones of the first plurality of communication packets do not include an 
associated packet MAC; 

means for generating a calculated MAC based on the received first plurality 
of communication packets; and 
20 means for determining if an error has occurred in the received first plurality 

of communication packets based on a comparison of the calculated MAC and the 
received group MAC. 

39. The system of Claim 38 further comprising: 

25 means for receiving a record count, the record count indicating a number of 

data records to be received before a next group MAC, the next group MAC being 
generated based on a next plurality of communication packets corresponding the 
data records associated with the record count; 

means for receiving a number of data records of the next plurality of 
30 communication packets corresponding to the received record count; 
means for receiving the next group MAC; 
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means for generating a next calculated MAC based on the received data 
records of the next plurality of communication packets; and 

means for determining if an error has occurred in the received data records 
of the next plurality of communication packets based on a comparison of the next 
5 calculated MAC and the received next group MAC. 

40. A computer program product of message authentication for an SSL- 
based protocol connection between a source device and a destination device, 
comprising: 

10 a computer readable storage medium having computer readable program 

code embodied in said medium, said computer readable program code comprising: 

computer readable code which generates a group message authentication 
code (MAC) based on a plurality of communication packets, each of the 
communication packets having at least one data record; and 

1 5 computer readable code which transmits the plurality of communication 

packets using the SSL-based protocol connection along with the generated group 
MAC, wherein ones of the plurality of communication packets do not include an 
associated packet MAC. 

20 41 . The computer program product of Claim 40 further comprising 

computer readable code which transmits a record count using the SSL-based 
protocol connection, the record count indicating a number of data records to be 
received associated with a next group MAC to be received, the data records 
associated with the record count corresponding to a next plurality of 

25 communication packets to be transmitted and wherein the next group MAC is 

generated based on the next plurality of communication packets to be transmitted. 

42. The computer program product of Claim 41 wherein the record 
count is transmitted using the SSL-based protocol connection before the next 
30 plurality of communication packets and wherein the next group MAC is 
transmitted after the next plurality of communication packets. 
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43. The computer program product of Claim 40 wherein at least a subset 
of communication packets from the plurality of communication packets have pre- 
encrypted data records and wherein the computer program product further 
comprises: 

5 computer readable code which encrypts data records of the at least a subset 

of communication packets to provide the pre-encrypted data records; 

computer readable code which stores the pre-encrypted data records; 
computer readable code which retrieves ones of the stored pre-encrypted 
data records for transmission responsive to a request for transmission of the ones of 
1 0 the stored pre-encrypted data records; 

computer readable code which transmits the retrieved ones of the stored 
pre-encrypted data records using the SSL-based protocol connection without using 
the SSL-based protocol connection to encrypt the retrieved ones of the stored pre- 
encrypted data records; and 
1 5 computer readable code which transmits a group MAC generated based on 

the retrieved ones of the stored pre-encrypted data records using the SSL-based 
protocol connection to encrypt the group MAC generated based on the retrieved 
ones of the stored pre-encrypted data records. 

20 44. The computer program product of Claim 40 further comprising the 

following configured for execution on the destination device: 

computer readable code which receives the first plurality of communication 
packets and the generated group MAC; 

computer readable code which generates a calculated MAC based on the 
25 received first plurality of communication packets; and 

computer readable code which determines if an error has occurred in the 
received first plurality of communication packets based on a comparison of the 
calculated MAC and the received generated group MAC. 

30 45. A computer program product of message authentication for an SSL- 

based protocol connection between a source device and a destination device, 
comprising: 
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a computer readable storage medium having computer readable program 
code embodied in said medium, said computer readable program code comprising: 

computer readable code which receives a first plurality of communication 
packets and a group MAC that was generated based on the first plurality of 
5 communication packets, wherein ones of the first plurality of communication 
packets do not include an associated packet MAC; 

computer readable code which generates a calculated MAC based on the 
received first plurality of communication packets; and 

computer readable code which determines if an error has occurred in the 
10 received first plurality of communication packets based on a comparison of the 
calculated MAC and the received group MAC. 

46. The computer program product of Claim 45 further comprising: 
computer readable code which receives a record count, the record count 
1 5 indicating a number of data records to be received before a next group MAC, the 
next group MAC being generated based on a next plurality of communication 
packets corresponding the data records associated with the record count; 

computer readable code which receives a number of data records of the next 
plurality of communication packets corresponding to the received record count; 
20 computer readable code which receives the next group MAC; 

computer readable code which generates a next calculated MAC based on 
the received data records of the next plurality of communication packets; and 

computer readable code which determines if an error has occurred in the 
received data records of the next plurality of communication packets based on a 
25 comparison of the next calculated MAC and the received next group MAC. 
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